cf11e28599
Found via RedHat bug 1174792. It was not clear whether these address a NULL dereference and a division by zero.
28 lines
797 B
Diff
28 lines
797 B
Diff
From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001
|
|
From: Chris Bagwell <chris@cnpbagwell.com>
|
|
Date: Sat, 13 Dec 2014 12:48:37 -0600
|
|
Subject: [PATCH 1/2] Check for minimum size sphere headers
|
|
|
|
---
|
|
src/sphere.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/src/sphere.c b/src/sphere.c
|
|
index 479a552..a3fd1c6 100644
|
|
--- a/src/sphere.c
|
|
+++ b/src/sphere.c
|
|
@@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft)
|
|
|
|
/* Determine header size, and allocate a buffer large enough to hold it. */
|
|
sscanf(fldsval, "%lu", &header_size_ul);
|
|
+ if (header_size_ul < 16) {
|
|
+ lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header");
|
|
+ return (SOX_EOF);
|
|
+ }
|
|
+
|
|
buf = lsx_malloc(header_size = header_size_ul);
|
|
|
|
/* Skip what we have read so far */
|
|
--
|
|
2.1.0
|
|
|